Most big enterprises now have an IT department, and with it IT assets such as computers, networks, and data. You conduct a security audit to find the potential security risks in your company. This article highlights the core areas a security audit should cover.
- Scope of the Audit: At the start, create a master list of what the audit covers, so you know what needs to be protected. It should include tangible assets such as desktops, servers, files, web servers, printers, data, VoIP records, email and web pages. It may also include intangible assets that the company decides to protect.
- Security Boundary: Determine the physical and logical security boundaries for the audit. The physical boundary should enclose the assets that need to be secured.
- Threat List: In addition to the asset list, you need to know what kinds of threat each asset may face. That may include:
  - Computer or network passwords: Check whether there is a record of login information. Are those passwords strong enough?
  - Email: Check whether a spam and phishing filter is in place for email. It is a good idea to encrypt employees' email.
  - Physical assets: Is it possible to remove computers or accessories from the company premises?
  - Backups: How is the backup performed, where are the copies kept, and who performed the backup?
  - Access to secret information: Who can access that information? Is there any control in place? Can anybody outside the company access it?
- Network Access: You need some kind of Access Control List to establish who has access to which assets in the company. Your network access control should cover items such as encryption, digital signatures, ACLs, IP address verification, user names, and cookies for web pages.
- Backups: If your system is broken into or hacked, your company will suffer from information loss. It is therefore crucial to keep backups of your important assets. Pay attention to the important areas such as online and offline storage and scheduled backups.
- Physical Intrusion: This is the last but not least important security threat. You have to consider the threat of an outsider breaking into the business premises and stealing assets. You can use outside services to protect your expensive phones and PDAs; a stolen phone then cannot be used without security authorization.
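As an added example (not code from the original article), here is a small Python audit checker over a constructed asset inventory. It covers three of the areas above: password strength against an assumed policy (at least 12 characters, three of four character classes, no common word), a default-deny access control list that flags grants to "anyone" on assets holding secret information, and backups checked for freshness against their schedule, for an offline copy, and for a record of who performed them. The asset names, dates, policy thresholds and the `Acl`/`Asset` types are all assumptions made for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Set, Tuple
import re

# Assumed password policy (not from the article): at least 12 characters,
# at least 3 of the 4 character classes, and no common dictionary word.
COMMON_WORDS = ("password", "welcome", "admin", "letmein")
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_findings(password: str) -> List[str]:
    """Return the policy violations for one password; an empty list passes."""
    findings = []
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    classes = sum(1 for p in CLASS_PATTERNS if re.search(p, password))
    if classes < 3:
        findings.append("fewer than 3 character classes")
    if any(w in password.lower() for w in COMMON_WORDS):
        findings.append("contains a common word")
    return findings


@dataclass
class Acl:
    """Default-deny ACL: access exists only if a (principal, permission)
    grant is recorded. The principal "*" means anyone, including outsiders."""
    grants: Set[Tuple[str, str]] = field(default_factory=set)

    def allow(self, principal: str, perm: str) -> None:
        self.grants.add((principal, perm))

    def is_allowed(self, principal: str, perm: str) -> bool:
        return (principal, perm) in self.grants or ("*", perm) in self.grants


@dataclass
class Asset:
    name: str
    sensitive: bool              # holds secret information
    acl: Acl
    backup_interval: timedelta   # how often the schedule says it is backed up
    last_backup: Optional[datetime]
    offline_copy: bool           # a copy exists outside the live system
    backed_up_by: Optional[str]  # who performed the last backup


def acl_findings(asset: Asset) -> List[str]:
    """'Can anybody outside access it?': a wildcard grant on a sensitive asset."""
    if asset.sensitive and any(p == "*" for p, _ in asset.acl.grants):
        return ["sensitive asset grants access to anyone"]
    return []


def backup_findings(asset: Asset, now: datetime) -> List[str]:
    """How, where and by whom the backup was done, checked against the schedule."""
    findings = []
    if asset.last_backup is None:
        findings.append("never backed up")
    elif now - asset.last_backup > asset.backup_interval:
        findings.append("backup overdue")
    if not asset.offline_copy:
        findings.append("no offline copy")
    if asset.backed_up_by is None:
        findings.append("no record of who performed the backup")
    return findings


def audit(assets: List[Asset], now: datetime) -> dict:
    """Map each asset name to its findings; assets with no findings are omitted."""
    report = {}
    for asset in assets:
        findings = acl_findings(asset) + backup_findings(asset, now)
        if findings:
            report[asset.name] = findings
    return report


# Constructed sample inventory: names and dates are made up for the example.
AUDIT_DATE = datetime(2009, 7, 20)


def sample_inventory() -> List[Asset]:
    payroll = Acl()
    payroll.allow("alice", "read")
    web = Acl()
    web.allow("*", "read")        # a public web page is meant to be readable by anyone
    hr_share = Acl()
    hr_share.allow("*", "write")  # a secret share open to anyone: an audit finding
    return [
        Asset("payroll-db", True, payroll, timedelta(days=1), datetime(2009, 7, 10), False, "bob"),
        Asset("public-web", False, web, timedelta(days=7), datetime(2009, 7, 19), True, "bob"),
        Asset("hr-share", True, hr_share, timedelta(days=7), None, False, None),
    ]


def run_sample_audit() -> dict:
    return audit(sample_inventory(), AUDIT_DATE)


if __name__ == "__main__":
    for pw in ("Password1", "xT7#qL9$vB2m"):
        print(pw, "->", password_findings(pw) or "ok")
    for name, findings in run_sample_audit().items():
        print(name, "->", "; ".join(findings))
```

Running the script prints the password verdicts and a findings line per asset that failed a check; the public web page passes because a wildcard grant is only a finding on an asset marked sensitive, which is the distinction the audit's "who can access secret information" question is about.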